Tree structure that contains the relation of DNSSEC data,
and their cryptographic status.

This tree is derived from a data_chain, and can be used
to look whether there is a connection between an RRSET
and a trusted key. The tree only contains pointers to the
data_chain, and therefore one should *never* free() the
data_chain when there is still a trust tree derived from
that chain.

Example tree:

key key key

\ | /

\ | /

\ | /

ds

|

key

|

key

|

rr

For each signature there is a parent; if the parent
pointer is null, it couldn't be found and there was no
denial; otherwise is a tree which contains either a
DNSKEY, a DS, or a NSEC rr
struct ldns_dnssec_trust_tree_struct
{
ldns_rr *rr;

/* the complete rrset this rr was in */

ldns_rr_list *rrset;

ldns_dnssec_trust_tree *parents[LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS];

ldns_status parent_status[LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS];

/** for debugging, add signatures too (you might want

those if they contain errors) */

ldns_rr *parent_signature[LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS];

size_t parent_count;

};

typedef struct ldns_dnssec_trust_tree_struct ldns_dnssec_trust_tree;

AUTHOR

The ldns team at NLnet Labs. Which consists out of
Jelte Jansen and Miek Gieben.